3 matches found
Reentrancy in mint function allows minting above the limit allowed per address / allowlisted address
Lines of code Vulnerability details Impact The mint function in NextGenCore.sol doesn't follow the checks-effects-interactions pattern and can be reentered through the onERC721Received function, if the receiver is a contract. The state variables written after the call are...
Malicious user can populate rewards array with tokens of their interest reaching limits of MAX_REWARD_TOKENS
Lines of code Vulnerability details Impact Malicious user can populate rewards array with different tokens early reaching limit of MAXREWARDTOKENS sending very small amount of different tokens. It will restrict any other tokens to be used as rewards in Bribe.solnotifyRewardAmount Proof of Concept...
Sending tokens close to the maximum will fail and user will lose tokens
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept When a user calls the deposit function the reward amount is calculated and an event is emited with amount+reward as the transfer amount. The function checks amount is smaller than the m...